On Mon, Mar 25, 2024 at 12:43 AM Michael Roth <michael.roth@xxxxxxx> wrote: > There may have be userspaces that previously relied on KVM_SET_XSAVE > being silently ignored when calculating the expected VMSA measurement. > Granted, that's sort of buggy behavior on the part of userspace, but QEMU > for instance does this. In that case, it just so happens that QEMU's reset > values don't appear to affect the VMSA measurement/contents, but there may > be userspaces where it would. > > To avoid this, and have parity with the other interfaces where the new > behavior is gated on the new vm_type/KVM_SEV_INIT2 stuff (via > has_protected_state), maybe should limited XSAVE/FPU sync'ing to > has_protected_state as well? Yes, in particular I am kinda surprised that MXCSR (whose default value after reset is 0x1F80) does not affect the measurement. Paolo
